Tata Consultancy Services (TCS) announced findings from its TCS Risk & Cybersecurity Study, which reveal that cyber executives may not be sufficiently prioritising threats from vulnerabilities within the value chain, beyond the immediate boundaries of their own organisations.
When asked to rank where companies will see the greatest number of cyberattacks between now and 2025, ecosystem partners came in last place (10th).
At a time when enterprises are increasingly banking on digital ecosystems for their growth strategies, TCS’ survey shows that only 16 per cent of chief risk officers (CROs) and chief information security officers (CISOs) ranked digital ecosystems as a concern when assessing expected cyber targets, and only 14 per cent listed the risks from such ecosystems as the top priority arising out of board-level discussions, the report added.
“Companies across the globe are increasingly turning to digital ecosystems of partners, vendors, and even competitors to reimagine and grow their business. Ignoring the threats originating from these ecosystems represents a blind spot that needs to be addressed urgently. One way of reducing the probability of an attack within digital supply chains is to implement a ‘zero trust’ policy—a framework based on the principle of ‘never trust, always verify,’ applied not only to humans but also machines,” said Santha Subramoni, Global Head, Cybersecurity, TCS.
When mapping out priorities between now and 2025, CISOs rank governance, strategy, and talent acquisition highly. Ranking highest is the prioritisation of the security posture of the company and defining the controls and standards. Ranked second is establishing a more robust cybersecurity strategy, followed by investing in security talent acquisition and development.
Talent Retention
The study also found that talent retention directly correlates with how a company stores its information. Cloud-positive organisations were found to have a slight advantage in retaining and recruiting talent with notoriously hard-to-find cyber skills, compared to those companies who think that on-premises or traditional data centre security is preferable to what is available via the cloud.
In fact, embracing cloud platforms gives companies a five-point advantage in recruiting and retaining talent with cyber risk and security skills.
“As businesses look to keep up with rapidly evolving complexities in cybersecurity, the talent gap is widening. Demonstrating a serious commitment to cybersecurity by sustained attention from senior leadership, funding, and process changes will be vital to recruiting and retaining top talent,” said Bob Scalise, Managing Partner, Risk and Cyber Strategy, TCS.
The study also highlights that some corporate boards may not be sufficiently focused on cyber risks.
One in six respondents reported that their corporate board of directors considers issues related to cyber risk and security only “occasionally, as necessary, or never.” Companies with higher-than-average revenue and profit growth are more likely to discuss cybersecurity at every board meeting.
Sixty-two percent of companies are now as or more comfortable with the security provided by cloud platforms than that of on-premises and traditional data centres suggesting that the common concern about the cloud in its early days is fading.